Malicious network traffic can cause disruptions in network services, consumer fraud, loss of information, and other problems. Malicious traffic is typically hidden within normal traffic, the majority of which is consumer traffic (“CT”) and machine-to-machine (“M2M”) traffic. Because an attacker will attempt to hide or obfuscate malicious traffic, it is difficult for network providers to detect it and to predict when and where it will appear. Techniques for detecting malicious activity are also prone to false alarms when normal traffic cannot be separated from traffic associated with malicious activities.
Most existing malicious activity detection techniques focus on analyzing time-domain characteristics. Some techniques apply correlations between unknown traffic and known traffic patterns. Other techniques set alarm thresholds for early warning or for follow-up examination. Still other techniques use a training set for supervised learning. Moreover, existing techniques cannot be applied to streaming network traffic because of their computational complexity.